This one business file is most used in cyberattacks

Building a slide deck, pitch, or presentation? Here are the big takeaways:

PDF files are the most likely to be weaponized and transmitted through attack surfaced, because they are easily created and transmitted. — Barracuda Networks, 2018

Nearly 41 million PDFs scanned in the last three months were part of an attack. — Barracuda Networks, 2018

Businesses beware: That PDF you're about to open may be part of a targeted cyberattack that will compromise your system.

PDF files are the most likely of any other file type to be weaponized, according to a Thursday report from security firm Barracuda Networks. In the last three months, nearly 41 million PDFs scanned were part of an attack, often containing links to malicious sites and active scripts, the report found.

PDFs are especially susceptible to malicious activity because they are easy to construct and transmit, the report noted. Business users and consumers alike must be extremely cautious when opening any PDF attachment in an email or on a website, even when it appears to come from a trusted source. Security professionals should also ensure that employee cybersecurity training is in place at their organization to decrease the likelihood of someone accidentally opening a malicious file or link on a work machine.

"Organizations often become aware of vicious cyberattacks after the damage has already been done," Fleming Shi, senior vice president of technology at Barracuda Networks, said in a press release.

The most sophisticated and efficient attacks are carried over embedded scripts such as JavaScript and VisualBasic: More than 75% of these scripts are malicious, the report found. Scripts can be embedded in HTML or other rich document formats such as RFT and Office. Of the 70 million Office documents scanned by Barracuda Networks in the last three months, more than 4.7 million were malicious or suspicious.

Compressed files are another increasingly popular way for criminals to transmit hidden attacks, and hide non-malware infections like PowerShell scripts. One example of this took place in September 2017, when Barracuda detected a massive ransomware campaign with more than 27 million emails reaching customers in less than a day.

Information leaked in the Equifax breach and other major cyberattacks that resulted in the loss of personally identifiable information (PII) for millions of people will also likely increase both mass phishing and spear phishing attacks in the coming year, the report noted, so businesses and consumers should be vigilant in their efforts to combat these threats.

Cybersecurity Insider Newsletter

Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.
Delivered Tuesdays and Thursdays